npm - @guilz-dev/belay - Versions diffs - 0.1.0 - Mend

@guilz-dev/belay 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (266) hide show

package/LICENSE +21 -0
package/README.md +268 -0
package/agent-belay-logo.png +0 -0
package/dist/adapters/claude/adapter.d.ts +7 -0
package/dist/adapters/claude/adapter.js +114 -0
package/dist/adapters/claude/hooks.d.ts +13 -0
package/dist/adapters/claude/hooks.js +49 -0
package/dist/adapters/claude/runtime-entry.d.ts +4 -0
package/dist/adapters/claude/runtime-entry.js +260 -0
package/dist/adapters/codex/adapter.d.ts +7 -0
package/dist/adapters/codex/adapter.js +73 -0
package/dist/adapters/codex/hooks.d.ts +21 -0
package/dist/adapters/codex/hooks.js +78 -0
package/dist/adapters/codex/runtime-entry.d.ts +4 -0
package/dist/adapters/codex/runtime-entry.js +237 -0
package/dist/adapters/cursor/adapter.d.ts +7 -0
package/dist/adapters/cursor/adapter.js +29 -0
package/dist/adapters/cursor/hooks.d.ts +2 -0
package/dist/adapters/cursor/hooks.js +26 -0
package/dist/adapters/cursor/runtime-entry.d.ts +4 -0
package/dist/adapters/cursor/runtime-entry.js +143 -0
package/dist/adapters/layouts/claude.d.ts +2 -0
package/dist/adapters/layouts/claude.js +40 -0
package/dist/adapters/layouts/codex.d.ts +2 -0
package/dist/adapters/layouts/codex.js +43 -0
package/dist/adapters/layouts/cursor.d.ts +2 -0
package/dist/adapters/layouts/cursor.js +40 -0
package/dist/adapters/layouts/index.d.ts +7 -0
package/dist/adapters/layouts/index.js +23 -0
package/dist/adapters/layouts/protected-paths.d.ts +3 -0
package/dist/adapters/layouts/protected-paths.js +15 -0
package/dist/adapters/layouts/scope.d.ts +19 -0
package/dist/adapters/layouts/scope.js +86 -0
package/dist/adapters/layouts/types.d.ts +14 -0
package/dist/adapters/layouts/types.js +1 -0
package/dist/adapters/registry.d.ts +4 -0
package/dist/adapters/registry.js +14 -0
package/dist/adapters/shared/gate-runtime.d.ts +51 -0
package/dist/adapters/shared/gate-runtime.js +518 -0
package/dist/adapters/shared/repo-root.d.ts +2 -0
package/dist/adapters/shared/repo-root.js +17 -0
package/dist/adapters/types.d.ts +19 -0
package/dist/adapters/types.js +1 -0
package/dist/branding.d.ts +3 -0
package/dist/branding.js +3 -0
package/dist/bundle/claude-runtime.mjs +5323 -0
package/dist/bundle/codex-runtime.mjs +5310 -0
package/dist/bundle/cursor-runtime.mjs +5208 -0
package/dist/cleanup-orphans.d.ts +7 -0
package/dist/cleanup-orphans.js +59 -0
package/dist/cli.d.ts +2 -0
package/dist/cli.js +631 -0
package/dist/commands/approve.d.ts +14 -0
package/dist/commands/approve.js +65 -0
package/dist/commands/audit.d.ts +59 -0
package/dist/commands/audit.js +132 -0
package/dist/commands/classify-for-report.d.ts +9 -0
package/dist/commands/classify-for-report.js +85 -0
package/dist/commands/doctor.d.ts +3 -0
package/dist/commands/doctor.js +366 -0
package/dist/commands/dogfood.d.ts +5 -0
package/dist/commands/dogfood.js +71 -0
package/dist/commands/explain.d.ts +3 -0
package/dist/commands/explain.js +133 -0
package/dist/commands/health-snapshot.d.ts +2 -0
package/dist/commands/health-snapshot.js +166 -0
package/dist/commands/init-wizard.d.ts +16 -0
package/dist/commands/init-wizard.js +50 -0
package/dist/commands/metrics.d.ts +7 -0
package/dist/commands/metrics.js +89 -0
package/dist/commands/recover.d.ts +3 -0
package/dist/commands/recover.js +105 -0
package/dist/commands/report.d.ts +3 -0
package/dist/commands/report.js +65 -0
package/dist/commands/revoke.d.ts +5 -0
package/dist/commands/revoke.js +22 -0
package/dist/commands/simulate.d.ts +14 -0
package/dist/commands/simulate.js +55 -0
package/dist/commands/status.d.ts +5 -0
package/dist/commands/status.js +107 -0
package/dist/config-io.d.ts +23 -0
package/dist/config-io.js +180 -0
package/dist/conformance/guarantee-table.d.ts +14 -0
package/dist/conformance/guarantee-table.js +95 -0
package/dist/conformance/types.d.ts +6 -0
package/dist/conformance/types.js +1 -0
package/dist/core/approval-service.d.ts +26 -0
package/dist/core/approval-service.js +41 -0
package/dist/core/approval-token.d.ts +11 -0
package/dist/core/approval-token.js +61 -0
package/dist/core/approval.d.ts +19 -0
package/dist/core/approval.js +58 -0
package/dist/core/audit-analysis.d.ts +10 -0
package/dist/core/audit-analysis.js +147 -0
package/dist/core/audit-metrics.d.ts +51 -0
package/dist/core/audit-metrics.js +155 -0
package/dist/core/audit-query.d.ts +11 -0
package/dist/core/audit-query.js +142 -0
package/dist/core/audit-summary.d.ts +33 -0
package/dist/core/audit-summary.js +111 -0
package/dist/core/audit-types.d.ts +65 -0
package/dist/core/audit-types.js +2 -0
package/dist/core/capability/allowlist.d.ts +10 -0
package/dist/core/capability/allowlist.js +53 -0
package/dist/core/capability/broker.d.ts +17 -0
package/dist/core/capability/broker.js +29 -0
package/dist/core/capability/index.d.ts +5 -0
package/dist/core/capability/index.js +4 -0
package/dist/core/capability/paths.d.ts +1 -0
package/dist/core/capability/paths.js +20 -0
package/dist/core/capability/reasons.d.ts +2 -0
package/dist/core/capability/reasons.js +4 -0
package/dist/core/capability/types.d.ts +10 -0
package/dist/core/capability/types.js +1 -0
package/dist/core/capability-approval.d.ts +28 -0
package/dist/core/capability-approval.js +43 -0
package/dist/core/classify-subagent.d.ts +2 -0
package/dist/core/classify-subagent.js +69 -0
package/dist/core/classify-tool.d.ts +3 -0
package/dist/core/classify-tool.js +311 -0
package/dist/core/config-layers.d.ts +23 -0
package/dist/core/config-layers.js +59 -0
package/dist/core/config.d.ts +219 -0
package/dist/core/config.js +720 -0
package/dist/core/control-plane-isolation.d.ts +10 -0
package/dist/core/control-plane-isolation.js +83 -0
package/dist/core/custom-command-match.d.ts +2 -0
package/dist/core/custom-command-match.js +8 -0
package/dist/core/egress/allowlist.d.ts +7 -0
package/dist/core/egress/allowlist.js +33 -0
package/dist/core/egress/env.d.ts +3 -0
package/dist/core/egress/env.js +17 -0
package/dist/core/egress/fingerprint.d.ts +3 -0
package/dist/core/egress/fingerprint.js +35 -0
package/dist/core/egress/policy.d.ts +8 -0
package/dist/core/egress/policy.js +47 -0
package/dist/core/egress/proxy-server.d.ts +21 -0
package/dist/core/egress/proxy-server.js +263 -0
package/dist/core/egress/types.d.ts +25 -0
package/dist/core/egress/types.js +1 -0
package/dist/core/egress-approval.d.ts +48 -0
package/dist/core/egress-approval.js +129 -0
package/dist/core/fingerprint.d.ts +6 -0
package/dist/core/fingerprint.js +24 -0
package/dist/core/gate-contract.d.ts +48 -0
package/dist/core/gate-contract.js +50 -0
package/dist/core/gate-engine.d.ts +20 -0
package/dist/core/gate-engine.js +172 -0
package/dist/core/glob.d.ts +1 -0
package/dist/core/glob.js +39 -0
package/dist/core/index.d.ts +19 -0
package/dist/core/index.js +15 -0
package/dist/core/integrity.d.ts +15 -0
package/dist/core/integrity.js +68 -0
package/dist/core/judge-api-key.d.ts +4 -0
package/dist/core/judge-api-key.js +11 -0
package/dist/core/judge-config.d.ts +29 -0
package/dist/core/judge-config.js +85 -0
package/dist/core/judge-doctor.d.ts +7 -0
package/dist/core/judge-doctor.js +124 -0
package/dist/core/judgment.d.ts +6 -0
package/dist/core/judgment.js +38 -0
package/dist/core/notify.d.ts +13 -0
package/dist/core/notify.js +44 -0
package/dist/core/path-utils.d.ts +12 -0
package/dist/core/path-utils.js +107 -0
package/dist/core/reclassify.d.ts +15 -0
package/dist/core/reclassify.js +82 -0
package/dist/core/recover-advice.d.ts +30 -0
package/dist/core/recover-advice.js +177 -0
package/dist/core/recover-git-probe.d.ts +8 -0
package/dist/core/recover-git-probe.js +50 -0
package/dist/core/recover-select.d.ts +10 -0
package/dist/core/recover-select.js +60 -0
package/dist/core/scrub.d.ts +3 -0
package/dist/core/scrub.js +87 -0
package/dist/core/shell-substitution.d.ts +6 -0
package/dist/core/shell-substitution.js +130 -0
package/dist/core/shell-tokenizer.d.ts +5 -0
package/dist/core/shell-tokenizer.js +129 -0
package/dist/core/shell-unparseable.d.ts +4 -0
package/dist/core/shell-unparseable.js +96 -0
package/dist/core/transactional/diff-evaluator.d.ts +2 -0
package/dist/core/transactional/diff-evaluator.js +84 -0
package/dist/core/transactional/eligibility.d.ts +4 -0
package/dist/core/transactional/eligibility.js +44 -0
package/dist/core/transactional/git-worktree.d.ts +13 -0
package/dist/core/transactional/git-worktree.js +189 -0
package/dist/core/transactional/index.d.ts +5 -0
package/dist/core/transactional/index.js +4 -0
package/dist/core/transactional/reasons.d.ts +4 -0
package/dist/core/transactional/reasons.js +8 -0
package/dist/core/transactional/runner.d.ts +2 -0
package/dist/core/transactional/runner.js +113 -0
package/dist/core/transactional/types.d.ts +46 -0
package/dist/core/transactional/types.js +1 -0
package/dist/core/types.d.ts +90 -0
package/dist/core/types.js +1 -0
package/dist/core/v2/adapter.d.ts +14 -0
package/dist/core/v2/adapter.js +118 -0
package/dist/core/v2/containment.d.ts +19 -0
package/dist/core/v2/containment.js +91 -0
package/dist/core/v2/egress-classify.d.ts +7 -0
package/dist/core/v2/egress-classify.js +216 -0
package/dist/core/v2/fingerprint.d.ts +1 -0
package/dist/core/v2/fingerprint.js +4 -0
package/dist/core/v2/index.d.ts +12 -0
package/dist/core/v2/index.js +10 -0
package/dist/core/v2/judge-audit.d.ts +2 -0
package/dist/core/v2/judge-audit.js +15 -0
package/dist/core/v2/judge-factory.d.ts +25 -0
package/dist/core/v2/judge-factory.js +75 -0
package/dist/core/v2/judge-outbound.d.ts +12 -0
package/dist/core/v2/judge-outbound.js +73 -0
package/dist/core/v2/judge.d.ts +47 -0
package/dist/core/v2/judge.js +264 -0
package/dist/core/v2/launcher-resolve.d.ts +12 -0
package/dist/core/v2/launcher-resolve.js +190 -0
package/dist/core/v2/overrides.d.ts +7 -0
package/dist/core/v2/overrides.js +37 -0
package/dist/core/v2/parser.d.ts +21 -0
package/dist/core/v2/parser.js +213 -0
package/dist/core/v2/types.d.ts +67 -0
package/dist/core/v2/types.js +1 -0
package/dist/core/v2/verdict.d.ts +2 -0
package/dist/core/v2/verdict.js +699 -0
package/dist/corpus/evaluate.d.ts +24 -0
package/dist/corpus/evaluate.js +69 -0
package/dist/defaults.d.ts +18 -0
package/dist/defaults.js +155 -0
package/dist/egress-daemon.d.ts +1 -0
package/dist/egress-daemon.js +52 -0
package/dist/index.d.ts +17 -0
package/dist/index.js +15 -0
package/dist/installer/bootstrap.d.ts +5 -0
package/dist/installer/bootstrap.js +61 -0
package/dist/installer/runtime-artifacts.d.ts +3 -0
package/dist/installer/runtime-artifacts.js +23 -0
package/dist/installer/scope-config.d.ts +8 -0
package/dist/installer/scope-config.js +25 -0
package/dist/installer.d.ts +22 -0
package/dist/installer.js +169 -0
package/dist/node-resolution.d.ts +8 -0
package/dist/node-resolution.js +237 -0
package/dist/operational-insights.d.ts +19 -0
package/dist/operational-insights.js +24 -0
package/dist/presets.d.ts +4 -0
package/dist/presets.js +95 -0
package/dist/services/egress-service.d.ts +57 -0
package/dist/services/egress-service.js +334 -0
package/dist/services/sandbox-service.d.ts +38 -0
package/dist/services/sandbox-service.js +95 -0
package/dist/templates.d.ts +7 -0
package/dist/templates.js +56 -0
package/dist/types.d.ts +230 -0
package/dist/types.js +1 -0
package/dist/version.d.ts +1 -0
package/dist/version.js +1 -0
package/package.json +65 -0
package/skills/belay/SKILL.md +52 -0
package/skills/belay/belay-approve.md +7 -0
package/skills/belay/belay-explain.md +11 -0
package/skills/belay/belay-recover.md +13 -0
package/skills/belay/belay-report.md +7 -0
package/skills/belay/belay-status.md +9 -0
package/skills/belay/belay-why.md +11 -0

package/dist/core/v2/overrides.js ADDED Viewed

@@ -0,0 +1,37 @@
+import { matchesCustomCommand } from '../custom-command-match.js';
+export function matchesCustomPatterns(command, segment, patterns) {
+    if (!patterns || patterns.length === 0) {
+        return false;
+    }
+    const normalized = command.trim();
+    return patterns.some((pattern) => matchesCustomCommand(normalized, segment.key, pattern) ||
+        matchesCustomCommand(segment.normalized, segment.key, pattern));
+}
+export function customAllowMatch(command, segment, context) {
+    return matchesCustomPatterns(command, segment, context.customAllowCommands);
+}
+export function customExternalMatch(command, segment, context) {
+    return matchesCustomPatterns(command, segment, context.customExternalCommands);
+}
+export function allowFromCustomOverride(opacity) {
+    return {
+        permission: 'allow',
+        location: 'repo_local',
+        opacity,
+        effect: 'unknown',
+        confidence: 'deterministic',
+        reason: 'custom_allow',
+        signals: ['custom_allow'],
+    };
+}
+export function askFromCustomExternal(opacity) {
+    return {
+        permission: 'ask',
+        location: 'external',
+        opacity,
+        effect: 'remote_mutation',
+        confidence: 'deterministic',
+        reason: 'custom_external',
+        signals: ['custom_external'],
+    };
+}

package/dist/core/v2/parser.d.ts ADDED Viewed

@@ -0,0 +1,21 @@
+import type { VerdictOpacity } from './types.js';
+export interface ParsedSegment {
+    tokens: string[];
+    head: string;
+    key: string;
+    normalized: string;
+}
+export declare function normalizeHead(token: string): string;
+export declare function peelTransparentWrappers(tokens: string[]): {
+    tokens: string[];
+    xargsStdinOpaque: boolean;
+};
+export declare function isVariableIndirectHead(head: string): boolean;
+export declare function extractEvalBody(tokens: string[]): string | null;
+export declare function extractRecursiveScript(tokens: string[]): string | null;
+export declare function isBareInterpreter(tokens: string[]): boolean;
+export declare function splitTopLevelSegments(command: string): string[];
+export declare function parseSegment(command: string): ParsedSegment;
+export declare function segmentOpacity(command: string): VerdictOpacity;
+export declare function substitutionInners(command: string): string[];
+export declare function redactCommand(command: string): string;

package/dist/core/v2/parser.js ADDED Viewed

@@ -0,0 +1,213 @@
+import path from 'node:path';
+import { findCommandSubstitutions } from '../shell-substitution.js';
+import { commandKey, tokenizeShell } from '../shell-tokenizer.js';
+import { detectUnparseableShell } from '../shell-unparseable.js';
+const ENV_PREFIX_PATTERN = /^[A-Za-z_][A-Za-z0-9_]*=(?:'[^']*'|"[^"]*"|\S+)$/;
+const TRANSPARENT_WRAPPERS = new Set([
+    'sudo',
+    'env',
+    'nohup',
+    'time',
+    'nice',
+    'ionice',
+    'stdbuf',
+    'setsid',
+    'xargs',
+]);
+const SHELL_INTERPRETERS = new Set(['bash', 'sh', 'zsh', 'dash', 'fish']);
+const CODE_INTERPRETERS = new Set(['python', 'python3', 'node', 'ruby', 'perl', 'osascript']);
+const SCRIPT_FLAGS = new Set(['-c', '-lc', '-e', '--eval']);
+const INTERPRETER_SCRIPT_EXTENSIONS = new Set([
+    '.js',
+    '.mjs',
+    '.cjs',
+    '.ts',
+    '.py',
+    '.rb',
+    '.pl',
+    '.sh',
+]);
+export function normalizeHead(token) {
+    const base = path.basename(token);
+    if (base && base !== '.' && base !== '..') {
+        return base;
+    }
+    return token;
+}
+export function peelTransparentWrappers(tokens) {
+    let current = [...tokens];
+    let xargsStdinOpaque = false;
+    while (current.length > 0) {
+        while (current.length > 0 && ENV_PREFIX_PATTERN.test(current[0] ?? '')) {
+            current.shift();
+        }
+        if (current.length === 0) {
+            break;
+        }
+        const head = normalizeHead(current[0] ?? '');
+        if (!TRANSPARENT_WRAPPERS.has(head)) {
+            break;
+        }
+        if (head === 'xargs') {
+            let index = 1;
+            while (index < current.length && current[index]?.startsWith('-')) {
+                index += 1;
+            }
+            const rest = current.slice(index);
+            if (rest.length === 0) {
+                xargsStdinOpaque = true;
+                return { tokens: [], xargsStdinOpaque: true };
+            }
+            current = rest;
+            continue;
+        }
+        if (head === 'env') {
+            let index = 1;
+            while (index < current.length) {
+                const token = current[index] ?? '';
+                if (ENV_PREFIX_PATTERN.test(token) || token.startsWith('-')) {
+                    index += 1;
+                    continue;
+                }
+                break;
+            }
+            current = current.slice(index);
+            continue;
+        }
+        current = current.slice(1);
+    }
+    return { tokens: current, xargsStdinOpaque };
+}
+export function isVariableIndirectHead(head) {
+    return head.startsWith('$');
+}
+export function extractEvalBody(tokens) {
+    const head = normalizeHead(tokens[0] ?? '');
+    if (head !== 'eval') {
+        return null;
+    }
+    const body = tokens.slice(1).join(' ').trim();
+    return body || null;
+}
+export function extractRecursiveScript(tokens) {
+    const filtered = tokens.filter((token) => token !== 'sudo');
+    const head = normalizeHead(filtered[0] ?? '');
+    const second = filtered[1] ?? '';
+    if (head === 'eval') {
+        return extractEvalBody(tokens);
+    }
+    if (SHELL_INTERPRETERS.has(head) || CODE_INTERPRETERS.has(head)) {
+        const flagIndex = filtered.findIndex((token) => SCRIPT_FLAGS.has(token));
+        if (flagIndex !== -1) {
+            const body = filtered
+                .slice(flagIndex + 1)
+                .join(' ')
+                .replace(/^['"]|['"]$/g, '')
+                .trim();
+            return body || null;
+        }
+    }
+    if (head === 'bash' && (second === '-lc' || second === '-c')) {
+        const body = filtered
+            .slice(2)
+            .join(' ')
+            .replace(/^['"]|['"]$/g, '')
+            .trim();
+        return body || null;
+    }
+    return null;
+}
+export function isBareInterpreter(tokens) {
+    const { tokens: peeled, xargsStdinOpaque } = peelTransparentWrappers(tokens);
+    if (xargsStdinOpaque) {
+        return true;
+    }
+    if (peeled.length === 0) {
+        return false;
+    }
+    const head = normalizeHead(peeled[0] ?? '');
+    if (!SHELL_INTERPRETERS.has(head) && !CODE_INTERPRETERS.has(head)) {
+        return false;
+    }
+    const hasScriptFlag = peeled.some((token) => SCRIPT_FLAGS.has(token));
+    if (hasScriptFlag) {
+        return false;
+    }
+    const args = peeled.slice(1);
+    if (args.length === 0) {
+        return true;
+    }
+    if (args.every((token) => token.startsWith('-'))) {
+        return false;
+    }
+    const scriptArg = args.find((token) => !token.startsWith('-'));
+    if (scriptArg && INTERPRETER_SCRIPT_EXTENSIONS.has(path.extname(scriptArg))) {
+        return false;
+    }
+    if (scriptArg) {
+        return false;
+    }
+    return true;
+}
+export function splitTopLevelSegments(command) {
+    const tokens = tokenizeShell(command);
+    const segments = [];
+    let current = [];
+    const flush = () => {
+        if (current.length > 0) {
+            segments.push(current.join(' '));
+            current = [];
+        }
+    };
+    for (const token of tokens) {
+        if (token === '&&' || token === '||' || token === ';' || token === '|' || token === '&') {
+            flush();
+            continue;
+        }
+        current.push(token);
+    }
+    flush();
+    return segments.filter((segment) => segment.trim().length > 0);
+}
+export function parseSegment(command) {
+    const tokens = tokenizeShell(command);
+    const { tokens: peeled } = peelTransparentWrappers(tokens);
+    const normalizedTokens = peeled.map((token) => normalizeHead(token));
+    const key = commandKey(peeled.map((token, index) => (index === 0 ? normalizeHead(token) : token)));
+    return {
+        tokens: peeled,
+        head: normalizeHead(peeled[0] ?? ''),
+        key,
+        normalized: normalizedTokens.join(' ').trim(),
+    };
+}
+export function segmentOpacity(command) {
+    if (detectUnparseableShell(command)) {
+        return 'unparseable';
+    }
+    const tokens = tokenizeShell(command);
+    const { xargsStdinOpaque } = peelTransparentWrappers(tokens);
+    if (xargsStdinOpaque) {
+        return 'opaque';
+    }
+    if (isBareInterpreter(tokens)) {
+        return 'opaque';
+    }
+    const segment = parseSegment(command);
+    if (isVariableIndirectHead(segment.head)) {
+        return 'opaque';
+    }
+    if (extractRecursiveScript(tokens)) {
+        return 'recursive';
+    }
+    return 'transparent';
+}
+export function substitutionInners(command) {
+    return findCommandSubstitutions(command);
+}
+export function redactCommand(command) {
+    return command
+        .replace(/Bearer\s+[A-Za-z0-9._~+/=-]+/gi, 'Bearer [REDACTED]')
+        .replace(/sk-[A-Za-z0-9]{8,}/g, 'sk-[REDACTED]')
+        .trim();
+}

package/dist/core/v2/types.d.ts ADDED Viewed

@@ -0,0 +1,67 @@
+export type VerdictPermission = 'allow' | 'ask';
+export type VerdictLocation = 'repo_local' | 'repo_outside' | 'external' | 'mixed' | 'unknown';
+export type VerdictOpacity = 'transparent' | 'recursive' | 'opaque' | 'unparseable';
+export type VerdictEffect = 'read_only' | 'local_mutation' | 'remote_mutation' | 'unknown';
+export type VerdictConfidence = 'deterministic' | 'llm' | 'assumed_repo_local' | 'verified_substrate';
+export interface VerdictResult {
+    permission: VerdictPermission;
+    location: VerdictLocation;
+    opacity: VerdictOpacity;
+    effect: VerdictEffect;
+    confidence: VerdictConfidence;
+    reason: string;
+    commandRedacted: string;
+    fingerprint: string;
+    signals: string[];
+    judgeTrace?: JudgeTrace;
+}
+export interface Tier1Verdict {
+    external_change: boolean;
+    destroys_outside_repo: boolean;
+    destroys_history_or_secrets: boolean;
+    reason: string;
+}
+export interface Tier1EvaluateInput {
+    text: string;
+    context: {
+        cwd: string;
+        repoRoot: string;
+    };
+    innerCode?: string;
+}
+export interface Tier1Judge {
+    evaluate(input: Tier1EvaluateInput): Promise<Tier1Verdict>;
+}
+export interface JudgeTrace {
+    provider: 'openai-compatible' | 'ollama' | 'fallback';
+    modelRequested: string;
+    modelResolved: string;
+    latencyMs: number;
+    outboundRedacted?: boolean;
+    fallbackReason?: string;
+}
+export type VerdictMode = 'enforce' | 'audit';
+export interface VerdictContext {
+    cwd: string;
+    repoRoot: string;
+    trustedCwd: boolean;
+    sensitivePaths: string[];
+    protectedArtifactRoots?: string[];
+    customAllowCommands?: string[];
+    customExternalCommands?: string[];
+    judge: Tier1Judge;
+    mode: VerdictMode;
+    unknownLocalEffect: 'allow_flagged' | 'deny';
+    unparseableShell: 'allow_flagged' | 'deny';
+    maxRecursionDepth?: number;
+}
+export interface InternalSegmentVerdict {
+    permission: VerdictPermission;
+    location: VerdictLocation;
+    opacity: VerdictOpacity;
+    effect: VerdictEffect;
+    confidence: VerdictConfidence;
+    reason: string;
+    signals: string[];
+    judgeTrace?: JudgeTrace;
+}

package/dist/core/v2/types.js ADDED Viewed

	@@ -0,0 +1 @@
1	+ export {};

package/dist/core/v2/verdict.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import type { VerdictContext, VerdictResult } from './types.js';
2	+ export declare function verdict(command: string, context: VerdictContext): Promise<VerdictResult>;